If your infrastructure relies on Planet Technology network management systems or industrial switches, it’s time to take a close look at your patching status.

Last week, CISA issued a critical advisory highlighting five newly discovered vulnerabilities that could allow unauthenticated remote attackers to gain admin-level control over these devices.

These flaws affect several widely used models, including:

• UNI-NMS-Lite
• NMS-500
• NMS-1000V
• WGS-804HPT-V2
• WGS-4215-8T2S

All five vulnerabilities have been rated critical — and for good reason. The flaws allow attackers to:

• Gain admin access via hardcoded credentials
• Create unauthorized admin accounts due to missing authentication controls
• Execute OS-level commands remotely
• Read or manipulate sensitive device data

In short, this is full compromise territory for any exposed or unpatched device.

CISA warns that these devices are used globally, including in the critical manufacturing sector — making this not just a security issue but a potential operational risk.

Kevin Breen, the researcher who discovered the flaws, used Censys scans to estimate that hundreds to thousands of vulnerable Planet Technology devices may be exposed to the internet right now.

The vulnerabilities were uncovered during an analysis that built on earlier research from Claroty, which also found issues in Planet devices last year.

The good news: Planet Technology responded quickly once notified. The timeline looks like this:

• March 6 – Breen reported the vulnerabilities via CISA.
• April 16 – Planet Technology released patches for all affected products.

So far, CISA has not seen any in-the-wild exploitation, but that could change quickly given the public release of technical details.